Investigation continues in second Affinity Gaming payment card breach

Affinity Gaming is investigating its second payment card breach in about six months.

Last week, about six months after announcing a breach that resulted in the compromise of payment card data for as many as 300,000 cardholders, Nevada-based casino operator Affinity Gaming revealed that it is investigating another payment card breach.

The incident involved unauthorized access being gained to the system that processes customer payment cards for Affinity Gaming casinos, according to an April 28 post on the website.

On Monday, Affinity Gaming posted an update, explaining their IT experts said that payment cards used after April 28 had not been compromised. Affinity Gaming additionally set up a phone line for customer inquiries.

That is the extent of what has been revealed – details have been sparse as an investigation is ongoing with law enforcement and gaming regulatory officials, as well as Mandiant, a security incident response management solutions provider, according to the post.

“Affinity has implemented controls to secure the credit card processing environment,” according to the announcement posted on April 28, which explains security will be enhanced in response to new and emerging threats. “We currently have no evidence to indicate that credit card data is being stolen.”

Affinity Gaming and Mandiant did not respond to SCMagazine.com requests for comments.

In December 2013, Affinity Gaming notified as many as 300,000 cardholders that their payment card data may have been stolen by hackers that compromised the casino operator's payment system. It was unclear when the attack began, but people were notified if they used gaming facilities between March 14, 2013, and Oct. 16, 2013.

Get SC Media delivered to your inbox

SC Media Featured White Paper of the Day

SC Media Newswire

SC Media Product/Industry Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.